-rw-r--r--source3/include/rpc_samr.h4
-rw-r--r--source3/rpc_client/cli_samr.c16
-rw-r--r--source3/rpc_parse/parse_samr.c33
-rw-r--r--source3/rpc_server/srv_samr.c10
4 files changed, 42 insertions, 21 deletions
diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h
index 54df484444..44e1c61484 100644
--- a/source3/include/rpc_samr.h
+++ b/source3/include/rpc_samr.h
@@ -535,8 +535,8 @@ typedef struct r_samr_enum_dom_users_info
uint32 num_entries3;
- SAM_ENTRY sam[MAX_SAM_ENTRIES];
- UNISTR2 uni_acct_name[MAX_SAM_ENTRIES];
+ SAM_ENTRY *sam;
+ UNISTR2 *uni_acct_name;
uint32 num_entries4;
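Review bot: The new pointer members `sam` and `uni_acct_name` carry no comment saying how many elements they hold or who releases them, which the fixed-size arrays they replace did not need. Elsewhere in this commit they are allocated with `Realloc` for `num_entries2` elements and released with `free` by the client and server callers, so a comment such as `/* heap array of num_entries2 elements; caller frees */` on each member would record that contract. The struct definition starts and ends outside the hunk.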
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index f822937cef..49db8c8216 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -769,13 +769,6 @@ BOOL samr_enum_dom_users(struct cli_state *cli, uint16 fnum,
int name_idx = 0;
*num_sam_users = r_e.num_entries2;
- if (*num_sam_users > MAX_SAM_ENTRIES)
- {
- *num_sam_users = MAX_SAM_ENTRIES;
- DEBUG(2,("samr_enum_dom_users: sam user entries limited to %d\n",
- *num_sam_users));
- }
-
*sam = (struct acct_info*) malloc(sizeof(struct acct_info) * (*num_sam_users));
if ((*sam) == NULL)
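Review bot: With the `MAX_SAM_ENTRIES` clamp removed, `*num_sam_users` is taken straight from `r_e.num_entries2` in the reply, so the `malloc(sizeof(struct acct_info) * (*num_sam_users))` below it multiplies a count that the remote side supplies and nothing bounds. If that product wraps, the buffer would be smaller than the number of entries the rest of the function presumably stores in `*sam`; a guard before the call such as `if (*num_sam_users > (size_t)-1 / sizeof(struct acct_info))` followed by the failure path, or a documented upper limit, would close that. The same unchecked `count * sizeof` pattern appears in the `Realloc` calls this commit adds to `make_samr_r_enum_dom_users` and `samr_io_r_enum_dom_users` in parse_samr.c, where the removed `SMB_ASSERT_ARRAY` checks were the only visible bound. The function body continues outside the hunk.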
@@ -798,6 +791,15 @@ BOOL samr_enum_dom_users(struct cli_state *cli, uint16 fnum,
}
valid_pol = True;
}
+
+ if (r_e.sam != NULL)
+ {
+ free(r_e.sam);
+ }
+ if (r_e.uni_acct_name != NULL)
+ {
+ free(r_e.uni_acct_name);
+ }
}
prs_mem_free(&data );
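Review bot: The added `free(r_e.sam)` and `free(r_e.uni_acct_name)` read pointers that nothing visible in this function initialises; in this commit they are set to NULL only in `make_samr_r_enum_dom_users` and assigned in `samr_io_r_enum_dom_users` inside its `if (ps->io)` branch. If the parser can return before that branch runs, these calls would act on indeterminate values, so setting `r_e.sam = NULL; r_e.uni_acct_name = NULL;` before the reply is parsed would make the cleanup safe on every path. On a conforming C library the `!= NULL` guards are redundant because `free(NULL)` is a no-op, and the identical cleanup added to `samr_reply_enum_dom_users` in srv_samr.c suggests one shared helper. The enclosing block opens outside the hunk, so whether every exit reaches these frees cannot be confirmed from here.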
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index f4447c7dc9..a6069f5ff3 100644
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -1047,14 +1047,9 @@ void make_samr_r_enum_dom_users(SAMR_R_ENUM_DOM_USERS *r_u,
DEBUG(5,("make_samr_r_enum_dom_users\n"));
- if (num_sam_entries >= MAX_SAM_ENTRIES)
- {
- num_sam_entries = MAX_SAM_ENTRIES;
- DEBUG(5,("limiting number of entries to %d\n",
- num_sam_entries));
- }
-
r_u->next_idx = next_idx;
+ r_u->sam = NULL;
+ r_u->uni_acct_name = NULL;
if (num_sam_entries != 0)
{
@@ -1063,8 +1058,14 @@ void make_samr_r_enum_dom_users(SAMR_R_ENUM_DOM_USERS *r_u,
r_u->num_entries2 = num_sam_entries;
r_u->num_entries3 = num_sam_entries;
- SMB_ASSERT_ARRAY(r_u->sam, num_sam_entries);
- SMB_ASSERT_ARRAY(r_u->uni_acct_name, num_sam_entries);
+ r_u->sam = Realloc(NULL, r_u->num_entries2 * sizeof(r_u->sam[0]));
+ r_u->uni_acct_name = Realloc(NULL, r_u->num_entries2 * sizeof(r_u->uni_acct_name[0]));
+
+ if (r_u->sam == NULL || r_u->uni_acct_name == NULL)
+ {
+ DEBUG(0,("NULL pointers in SAMR_R_QUERY_DISPINFO\n"));
+ return;
+ }
for (i = 0; i < num_sam_entries; i++)
{
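Review bot: When either `Realloc` fails, the added early `return` leaves `r_u->num_entries2` and `r_u->num_entries3` set to `num_sam_entries` while one or both arrays are NULL, and nothing in the hunk reports the failure to the caller of this `void` function beyond the level-0 log line. Resetting the counts before returning, for example `r_u->num_entries2 = r_u->num_entries3 = 0;`, would keep the structure self-consistent; any status field would have to be set outside the hunk. The message text `NULL pointers in SAMR_R_QUERY_DISPINFO` names a different structure from the one handled here; `SAMR_R_ENUM_DOM_USERS` looks intended, and the same string is repeated in `samr_io_r_enum_dom_users`. The function body continues outside the hunk.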
@@ -1110,7 +1111,17 @@ void samr_io_r_enum_dom_users(char *desc, SAMR_R_ENUM_DOM_USERS *r_u, prs_struc
prs_uint32("ptr_entries2", ps, depth, &(r_u->ptr_entries2));
prs_uint32("num_entries3", ps, depth, &(r_u->num_entries3));
- SMB_ASSERT_ARRAY(r_u->sam, r_u->num_entries2);
+ if (ps->io)
+ {
+ r_u->sam = Realloc(NULL, r_u->num_entries2 * sizeof(r_u->sam[0]));
+ r_u->uni_acct_name = Realloc(NULL, r_u->num_entries2 * sizeof(r_u->uni_acct_name[0]));
+ }
+
+ if ((r_u->sam == NULL || r_u->uni_acct_name == NULL) && r_u->num_entries2 != 0)
+ {
+ DEBUG(0,("NULL pointers in SAMR_R_QUERY_DISPINFO\n"));
+ return;
+ }
for (i = 0; i < r_u->num_entries2; i++)
{
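Review bot: The arrays allocated in the `if (ps->io)` branch are not cleared, so any element the following loops do not fill holds leftover heap contents. Whether `sam_io_sam_entry` and the name parser can stop early on a short or malformed reply is not visible here, but if they can, a caller that reads `r_u->sam` or `r_u->uni_acct_name` afterwards would see those stale bytes. Zeroing inside that branch after a successful allocation, e.g. `memset(r_u->sam, 0, r_u->num_entries2 * sizeof(r_u->sam[0]));` and the same for `uni_acct_name`, removes the dependency. The function body continues outside the hunk.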
@@ -1118,8 +1129,6 @@ void samr_io_r_enum_dom_users(char *desc, SAMR_R_ENUM_DOM_USERS *r_u, prs_struc
sam_io_sam_entry("", &(r_u->sam[i]), ps, depth);
}
- SMB_ASSERT_ARRAY(r_u->uni_acct_name, r_u->num_entries2);
-
for (i = 0; i < r_u->num_entries2; i++)
{
prs_grow(ps);
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index 4f190270dd..0371fbc88c 100644
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
@@ -354,6 +354,16 @@ static void samr_reply_enum_dom_users(SAMR_Q_ENUM_DOM_USERS *q_u,
/* store the response in the SMB stream */
samr_io_r_enum_dom_users("", &r_e, rdata, 0);
+ if (r_e.sam != NULL)
+ {
+ free(r_e.sam);
+ }
+
+ if (r_e.uni_acct_name != NULL)
+ {
+ free(r_e.uni_acct_name);
+ }
+
DEBUG(5,("samr_enum_dom_users: %d\n", __LINE__));
}